Spyware or Virus - Scanners say I'm clean but.....

I think I may have something new.

kaled

1:33 am on Sep 29, 2004 (gmt 0)

I've run two spyware checks and a virus scan and apart from cookies and questionable registry settings I'm clean, however, I smell a rat.

Every few minutes the fan on my laptop kicks in alerting me to excess cpu use and usually the hard disk gets busy too. As soon as I activate the task manager, it all returns to normal. However, I have managed to trace the activity to a program called wmiprvse.exe.

Opinions differ on the net about this program. There is no doubt that a legit MS program by this name exists but many suspicions have been aroused. On my system, it also seemed to spawn two other processes of the form randomname.TMP but I've only seen that once.

This program randomly or periodically appears and disappears in the task list so something else must be controlling it.

On my system (XP SP2) the file is 218,112 bytes located in system32\wbem - can anyone confirm this file size is correct?

Having spent hours on this, I'm close to reformatting the partition so if anyone can shed light on this it would be much appreciated.

Thanks,

Kaled.

nancyb

2:13 am on Sep 29, 2004 (gmt 0)

I'm still with SP1 and I have that file in system32\wbem - size is 203,776 bytes.

vkaryl

2:22 am on Sep 29, 2004 (gmt 0)

In Control Panel/Administrative Tools/Services, scroll down until you find WMI Performance Adapter (description: "Provides performance library information from WMI HiPerf providers.")

Double-click on this line to access its properties. "Startup Type" should be set to "Manual". That should stop it running constantly....

[Hmm. After a bit more thought and a dig through some bits n pieces, I'm not sure that's going to help. The file one of the MS techies and I had the conversation about was actually "wmiapsrv.exe". Both are part of "WMI" (Windows Management Instrumentation), but I'm not sure doing what I did will inactivate YOUR bad-boy file. Can't hurt to try though, I guess....]
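An added check, not from anyone in this thread, for the two things the opening question and this post turn on: whether the wmiprvse.exe on disk is the Microsoft-signed binary in system32\wbem (and where any running copies actually live), and what the WMI services are set to start as. It assumes Windows PowerShell 5.1 or later, so it will not run on the XP/2000 machines discussed, and the service names winmgmt and wmiApSrv are the standard ones; the byte sizes quoted above are only meaningful for those specific OS versions.

```powershell
# Added example: sanity-check wmiprvse.exe and the WMI services (defender's view).
# Assumes Windows PowerShell 5.1+. Reference file sizes differ per Windows version,
# so compare against the signature and path, not against numbers from another machine.

$expectedDir  = Join-Path $env:SystemRoot 'System32\wbem'
$expectedPath = Join-Path $expectedDir 'wmiprvse.exe'

function Test-WmiPrvSeBinary {
    param([string]$Path = $expectedPath)
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path      = $file.FullName
        SizeBytes = $file.Length
        LastWrite = $file.LastWriteTimeUtc
        # Expect 'Valid'. The file is catalog-signed; very old systems may report NotSigned
        # even for a genuine copy, so treat that result as "check further", not "clean".
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}

function Get-WmiPrvSeInstances {
    # Every running wmiprvse.exe with its on-disk path and parent process.
    # A copy running from anywhere other than system32\wbem is the thing to look at.
    Get-CimInstance Win32_Process -Filter "Name = 'wmiprvse.exe'" | ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        [pscustomobject]@{
            Pid        = $_.ProcessId
            Path       = $_.ExecutablePath
            InExpected = [bool]($_.ExecutablePath -and ($_.ExecutablePath -like "$expectedDir\*"))
            ParentPid  = $_.ParentProcessId
            ParentName = $parent.Name   # genuine instances are children of svchost.exe (DcomLaunch)
        }
    }
}

function Get-WmiServiceStartup {
    # Startup mode of the WMI service and the WMI Performance Adapter named above.
    Get-CimInstance Win32_Service -Filter "Name = 'winmgmt' OR Name = 'wmiApSrv'" |
        Select-Object Name, DisplayName, StartMode, State, PathName
}

Test-WmiPrvSeBinary   | Format-List
Get-WmiPrvSeInstances | Format-Table -AutoSize
Get-WmiServiceStartup | Format-Table -AutoSize
```

Short-lived instances are normal, since the host is started on demand by WMI clients; what matters is the path, the signature and the parent of any copy that does show up.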

Edouard_H

2:57 am on Sep 29, 2004 (gmt 0)

Not sure if this will help, but it won't hurt: you may find a file named WMIPRVSE.EXE-#*$!#*$!xx (the part after '.EXE-' is random) in /Windows/Prefetch/. Try deleting that (anything in that directory can be safely deleted) and see if the problem goes away....

kaled

10:11 am on Sep 29, 2004 (gmt 0)

I've already deleted the prefetch file but that's just some part of MS's weird attempts to make things run faster - you have to laugh.

Vkaryl,
I'll try your suggestion when I go back to this problem. For now I'm using Win 2000. This is installed in a separate partition so, hopefully, it should be clean. (But when I booted up, my floppy drive was polled several times - don't know why.)

I've completed the testing I had to do under XP for now, so I'll stick with 2000 for a week or so and see if something appears on the net about this. I'm 90% certain that it's a problem - only a virus or spyware would pause when the Task Manager is activated (I mean made visible, not opened).

Thanks,

Kaled.

Leosghost

10:43 am on Sep 29, 2004 (gmt 0)

kaled...you may be running W32sonebot-b ...

you might take a look at the Sophos site for removal instructions (I don't think I can link here as it's a commercial site), wrap it as www.(space).com ...there are some examples of this process running normally in machines but rarely workstations (it's normally a server app)..where you have yours would normally make it legit ..but some of the nasties live in the clean folder too (especially the W32sonebot-b) ..does it try to access anything other than speed up your fan? one of its original intentions (designed in by Redmond) was to optimise CPU temp ..so if you are running very processor intensive apps this could be normal ..however it wasn't supposed to poll your floppy on start ..that is normally the behaviour of the bad version ...
in spite of the fact that I am regularly unimpressed by what Symantec get up to, you may find this report enlightening...they, as usual, refer to it by their own name gletta.a [securityresponse.symantec.com...]

kaled

1:31 pm on Sep 29, 2004 (gmt 0)

Yes, I've already found references to that. But my AV software should have killed it (or at least detected it). However, just to be sure, I'll run an AV scan on XP from my 2000 partition (they are visible to each other).

Other than polling the floppy at bootup, my 2000 installation seems to be behaving correctly but I'll run full scans later when I'm taking a break.

Thanks,

Kaled.